The Canadian Centre for Cyber Security (Cyber Centre), a part of the Communications Security Establishment Canada (CSE), has joined the United States’ National Security Agency (NSA) and other international partners in issuing a joint advisory on worldwide network compromises by state-sponsored actors from the People’s Republic of China (PRC).
This joint advisory warns that PRC state-sponsored threat actors are targeting global networks including:
- telecommunications
- government
- transportation
- lodging
- military infrastructure
These threat actors focus on large backbone routers of major telecommunications providers, as well as provider edge and customer edge routers. They also leverage compromised devices and trusted connections to pivot into other networks, often modifying routers to maintain persistent, long-term access to networks. To achieve this, they mainly rely on the exploitation of publicly known common vulnerabilities and exposures and other avoidable weaknesses within compromised infrastructure.
This activity partially overlaps with cyber security industry reporting on PRC threat actors commonly known as Salt Typhoon and others.
We urge network defenders to hunt for malicious activity and implement the mitigations in this joint advisory to counter cyber threats from PRC state-sponsored threat actors and others.
Read the full joint advisory: Chinese state-sponsored actors compromise networks worldwide to feed global espionage system (PDF).